Privacy Policy
Privacy Policy
- Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when you use our website. Personal data is any data by which you can be personally identified.
1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Anna-Lena Moser, A Stone's Desire, Sa Bassa Roja Poligono 22, 07816, España, Phone: +436648455540, Email: shop@astonesdesire.com. The controller of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Data Collection When Visiting Our Website
2.1 When you visit our website purely for informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website:
- Our visited website
- Date and time of access
- Amount of data sent in bytes
- Source/referral from which you reached the page
- Browser used
- Operating system used
- IP address used (possibly in anonymized form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. The data is not shared or used in any other way. However, we reserve the right to retrospectively review the server log files if there are specific indications of illegal use.
2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.
- Hosting & Content Delivery Network
Shopify
To host our website and display the content of the pages, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland
Data may also be transmitted to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
All data collected on our website is processed on the provider's servers.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized transmission to third parties.
For data transfers to Canada, an adequate level of data protection is ensured by a decision of adequacy by the European Commission.
- Cookies
To make visiting our website more attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your device for a longer period, allowing for site settings to be saved (so-called "persistent cookies"). In the latter case, you can find the duration of storage in the overview of cookie settings in your web browser.
If personal data is also processed by individual cookies we use, the processing is carried out either to execute the contract in accordance with Art. 6 para. 1 lit. b GDPR, based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, or based on our legitimate interest in ensuring the best possible functionality of the website and a customer-friendly and effective site visit in accordance with Art. 6 para. 1 lit. f GDPR.
You can set your browser to inform you about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general.
Please note that if cookies are not accepted, the functionality of our website may be limited.
- Contact
5.1 Loox
For review reminders, we use the services of the following provider: Loox Online Ltd., Rehov Har Sinai 2, 6581602 Tel Aviv-Yafo, Israel
Only with your express consent in accordance with Art. 6 para. 1 lit. a GDPR will we transmit your email address and, if applicable, other data to the provider so that they can contact you via email with a reminder to leave a review.
You can revoke your consent at any time with future effect either to us or to the provider.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized transmission to third parties.
For data transfers to the provider’s location, an adequate level of data protection is ensured by a decision of adequacy by the European Commission.
5.2 When you contact us (e.g., via contact form or email), personal data is collected. The specific data collected in the case of a contact form can be seen from the respective contact form. This data is stored and used solely for the purpose of responding to your request or for contacting you and the related technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact aims to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after the final processing of your request, provided that there are no statutory retention obligations to the contrary.
- Use of Customer Data for Direct Advertising
6.1 Newsletter Subscription
When you subscribe to our email newsletter, we regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter if you have expressly confirmed that you consent to receiving the newsletter. We will then send you a confirmation email asking you to confirm by clicking a corresponding link that you want to receive the newsletter in the future.
By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address, which is entered by the Internet Service Provider (ISP), as well as the date and time of registration to trace a possible misuse of your email address at a later date. The data collected by us when registering for the newsletter will be used exclusively for promotional purposes via the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the responsible person mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this statement.
6.2 Klaviyo
Our email newsletters are sent through this provider: Klaviyo, 225 Franklin St, Boston, MA 02110, USA
Based on our legitimate interest in effective and user-friendly newsletter marketing, we transmit the data you provided when registering for the newsletter to this provider in accordance with Art. 6 para. 1 lit. f GDPR, so that they can send the newsletter on our behalf.
Subject to your express consent in accordance with Art. 6 para. 1 lit. a GDPR, the provider also conducts a statistical evaluation of the success of newsletter campaigns through web beacons or tracking pixels in the sent emails, which can measure open rates and specific interactions with the content of the newsletter. In the process, information from the end device (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but it is not merged with other data sets.
You can revoke your consent to the newsletter tracking at any time with future effect.
We have concluded a data processing agreement with the provider, which ensures the protection of the data of our website visitors and prohibits unauthorized transmission to third parties.
For data transfers to the U.S., the provider participates in the EU-U.S. Data Privacy Framework, which ensures compliance with the European level of data protection based on a decision of adequacy by the European Commission.
7) Data Processing for Order Handling
7.1 The personal data collected by us will be passed on to the transport company responsible for the delivery as part of the contract processing, as far as this is necessary for the delivery of the goods. We will pass on your payment data to the commissioned credit institution as part of the payment processing, provided this is necessary for the payment processing. If we use payment service providers, we will explicitly inform you about this below. The legal basis for the transfer of data is Article 6(1)(b) GDPR.
7.2 To fulfill our contractual obligations to our customers, we work with external shipping partners. We will only pass on your name and delivery address for the purpose of delivering goods in accordance with Article 6(1)(b) GDPR to a selected shipping partner.
7.3 Use of Payment Service Providers (Payment Services)
-
PayPal Checkout
This website uses PayPal Checkout, an online payment system from PayPal that consists of PayPal’s own payment methods and local methods from external providers.
For payments via PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, "pay later" via PayPal, we will transmit the payment data of the data subject to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg ("PayPal") for the purpose of processing the payment. This transmission will be carried out in accordance with Article 6(1)(b) GDPR and only as far as necessary for the payment processing. For credit card payments via PayPal, direct debit via PayPal, or, if offered, "pay later" via PayPal, PayPal reserves the right to perform a credit check. For this purpose, we will transmit the payment data of the data subject to credit agencies if necessary, in accordance with Article 6(1)(f) GDPR, based on PayPal’s legitimate interest in determining your solvency. PayPal will use the results of the credit check with respect to the statistical probability of default to decide whether to provide the corresponding payment method. The credit check may contain probability values (credit scores). If the credit score is included in the result of the credit check, it will be based on a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the credit score. The data subject can object to the processing of their data at any time by sending a message to PayPal. However, PayPal may still be entitled to process the personal data if this is necessary for the contractual payment processing.
If the data subject chooses PayPal’s invoice payment method, their payment data will first be transferred to PayPal for payment preparation, and PayPal will subsequently transfer it to Ratepay GmbH, Franklinstraße 28-29, 10587 Berlin ("Ratepay") for processing. The legal basis for this is Article 6(1)(b) GDPR. In this case, Ratepay will perform an identity and credit check on PayPal’s behalf to determine the solvency in accordance with the aforementioned principle and will transfer the data subject’s payment data to credit agencies based on its legitimate interest in determining solvency in accordance with Article 6(1)(f) GDPR. A list of the credit agencies that Ratepay may use can be found here (in English): https://www.ratepay.com/en/legal-payment-creditagencies/.
If a local external provider’s payment method is used, the payment data will first be transferred to PayPal for payment preparation in accordance with Article 6(1)(b) GDPR. Depending on the local payment method chosen by the data subject, PayPal will then transfer the payment data for payment preparation in accordance with Article 6(1)(b) GDPR to the relevant provider:
- Apple Pay (Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland)
- Google Pay (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland)
- Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
- iDeal (Currence Holding BV, Beethovenstraat 300, Amsterdam, Netherlands)
- Bancontact (Bancontact Payconiq Company, Rue d’Arlon 82, 1040 Brussels, Belgium)
- blik (Polski Standard Płatności sp. z o.o., ul. Czerniakowska 87A, 00-718 Warsaw, Poland)
- eps (STUZZA Studiengesellschaft für Zusammenarbeit im Zahlungsverkehr GmbH, Frankgasse 10/8, 1090 Vienna, Austria)
- MyBank (PRETA S.A.S, 40 Rue de Courcelles, F-75008 Paris, France)
- Przelewy24 (PayPro SA, Kanclerska 15A, 60-326 Poznan, Poland)
Further information on data protection can be found in PayPal’s privacy policy: https://www.paypal.com/es/webapps/mpp/ua/privacy-full?locale.x=es_ES.
8) Tools and Other
Cookie-Consent Tool
This website uses a so-called "Cookie-Consent Tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The "Cookie-Consent Tool" is displayed to users in the form of an interactive user interface when they access the website, where consent can be given for certain cookies and/or cookie-based applications by checking the appropriate box. All cookies/services that require consent will only be loaded if the user has given the corresponding consent by checking the box. This ensures that such cookies are only set on the user’s device if consent has been given.
The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this process. If, in individual cases, personal data (such as the IP address) is processed for the purpose of storage, assignment, or logging of cookie settings, this is done in accordance with Article 6(1)(f) GDPR based on our legitimate interest in a legally compliant, user-specific, and user-friendly consent management for cookies and therefore in a legally compliant design of our website.
Further legal basis for the processing is Article 6(1)(c) GDPR. We are legally obliged to make the use of non-essential cookies dependent on the respective user consent.
We have concluded a data processing agreement with the provider, which ensures the protection of our website visitors’ data and prohibits unauthorized transfer to third parties.
Further information about the operator and the settings of the Cookie-Consent Tool can be found directly in the corresponding user interface on our website.
9) Rights of the Data Subject
9.1 The applicable data protection law grants you comprehensive rights (rights of access and intervention) against the controller concerning the processing of your personal data, which we inform you about below:
- Right to information according to Article 15 GDPR;
- Right to rectification according to Article 16 GDPR;
- Right to deletion according to Article 17 GDPR;
- Right to restriction of processing according to Article 18 GDPR;
- Right to notification according to Article 19 GDPR;
- Right to data portability according to Article 20 GDPR;
- Right to revoke consent given according to Article 7(3) GDPR;
- Right to lodge a complaint according to Article 77 GDPR.
10) Duration of the Storage of Personal Data
The duration of the storage of personal data is determined based on the respective legal basis, the processing purpose, and—if applicable—additionally based on the respective statutory retention period (e.g., commercial and tax retention periods).
When processing personal data based on explicit consent in accordance with Article 6(1)(a) GDPR, this data will be stored until the data subject revokes their consent.
If there are statutory retention periods for data that is processed within the framework of legal or similar obligations based on Article 6(1)(b) GDPR, this data will be routinely deleted after the retention periods have expired, provided it is no longer necessary for the fulfillment or initiation of the contract and/or there is no legitimate interest in further storage on our part.
When processing personal data based on Article 6(1)(f) GDPR, this data will be stored until the data subject exercises their right to object according to Article 21(1) GDPR unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.
When processing personal data for direct marketing purposes based on Article 6(1)(f) GDPR, this data will be stored until the data subject exercises their right to object according to Article 21(2) GDPR.
Unless otherwise stated in the specific information of this declaration about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.